name: nix

on:
  push:
    branches:
      - main
  pull_request:

permissions: read-all

jobs:
  nix:
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu-latest, macos-14]
    runs-on: ${{ matrix.os }}
    timeout-minutes: 15 # NOTE (aseipp): keep in-sync with the build.yml timeout limit

    name: flake check
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
          fetch-depth: 0
      - uses: DeterminateSystems/nix-installer-action@ab6bcb2d5af0e904d04aea750e2089e9dc4cbfdd
      - uses: DeterminateSystems/magic-nix-cache-action@b46e247b898aa56e6d2d2e728dc6df6c84fdb738
      - run: nix flake check -L --show-trace